CVE-2015-0313
Published 2015-02-02
Priority: P192 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-05-04
Exploited in the wild
EPSS 95.68% · 99.9th percentile
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
Affected
27 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | < 11.2.202.442 | 11.2.202.442 |
| adobe | flash_player | < 13.0.0.269 | 13.0.0.269 |
| adobe | flash_player | <= 13.0.0.264 | — |
| adobe | flash_player | <= 11.2.202.440 | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | — | — |
| adobe | flash_player | >= 14.0.0.125 < 16.0.0.305 | 16.0.0.305 |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| opensuse | evergreen | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_desktop | — | — |
Detection & IOCs (extracted from sources)
- CVE-2015-0313 was actively exploited via drive-by-download attacks specifically targeting systems running Internet Explorer and Firefox on Windows 8.1 and below.
- CVE-2015-0313 was delivered via malvertising — booby-trapped ads uploaded to online ad networks — as the initial infection vector.
- CVE-2015-0313 was exploited by the Hanjuan Exploit Kit (also initially attributed to Angler EK); detections should look for Hanjuan, Angler, and Fiesta EK traffic patterns.
- The exploit for CVE-2015-0313 was confirmed unable to escape the Google Chrome sandbox; detections and incident response should focus on Internet Explorer and Firefox process trees, not Chrome.
- CVE-2015-0313 was observed as a zero-day as early as December 2014, meaning exposure predates the February 2015 patch; retrospective log review should cover that window.
- Attribution of the exploit kit initially shifted; early reporting named Angler EK but was later revised to Hanjuan EK as the primary actor exploiting CVE-2015-0313.
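CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |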
GHSA
GHSA-xww9-82cx-c8c3: Use-after-free vulnerability in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17·CVSS 9.8
CVE-2015-0315 [CRITICAL] GHSA-xww9-82cx-c8c3: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.
GHSA
GHSA-35mf-vj2p-cr8q: Use-after-free vulnerability in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17·CVSS 9.8
CVE-2015-0320 [CRITICAL] GHSA-35mf-vj2p-cr8q: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322.
GHSA
GHSA-rrq2-j6vp-346q: Use-after-free vulnerability in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17·CVSS 9.8
CVE-2015-0322 [CRITICAL] GHSA-rrq2-j6vp-346q: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320.
GHSA
GHSA-rr27-273m-v696: Use-after-free vulnerability in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17·CVSS 9.8
CVE-2015-0331 [CRITICAL] GHSA-rr27-273m-v696: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
GHSA
GHSA-fg66-4vpm-36cx: Use-after-free vulnerability in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-0313 [CRITICAL] CWE-416 GHSA-fg66-4vpm-36cx: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
OSV
CVE-2015-0331: Use-after-free vulnerability in Adobe Flash Player before 13
osv·2015-02-21·CVSS 9.8
CVE-2015-0331 [CRITICAL] CVE-2015-0331: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
OSV
CVE-2015-0315: Use-after-free vulnerability in Adobe Flash Player before 13
osv·2015-02-06·CVSS 9.8
CVE-2015-0315 [CRITICAL] CVE-2015-0315: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.
OSV
CVE-2015-0320: Use-after-free vulnerability in Adobe Flash Player before 13
osv·2015-02-06·CVSS 9.8
CVE-2015-0320 [CRITICAL] CVE-2015-0320: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322.
OSV
CVE-2015-0322: Use-after-free vulnerability in Adobe Flash Player before 13
osv·2015-02-06·CVSS 9.8
CVE-2015-0322 [CRITICAL] CVE-2015-0322: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320.
OSV
CVE-2015-0313: Use-after-free vulnerability in Adobe Flash Player before 13
osv·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] CVE-2015-0313: Use-after-free vulnerability in Adobe Flash Player before 13
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
VulnCheck
Adobe Flash Player Use-After-Free Vulnerability
vulncheck·2015·CVSS 9.8
CVE-2015-0313 [CRITICAL] CWE-416 Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2015-0313; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-04
CISA
Adobe Flash Player Use-After-Free Vulnerability
cisa·2022-04-13·CVSS 9.8
CVE-2015-0313 [CRITICAL] CWE-416 Adobe Flash Player Use-After-Free Vulnerability
Vulnerability: Adobe Flash Player Use-After-Free Vulnerability
Affected: Adobe Flash Player
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0313
Remediation Due Date: 2022-05-04
Red Hat
flash-plugin: multiple code execution flaws (APSB15-04)
vendor_redhat·2015-02-04·CVSS 9.8
CVE-2015-0331 [CRITICAL] flash-plugin: multiple code execution flaws (APSB15-04)
flash-plugin: multiple code execution flaws (APSB15-04)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
Red Hat
flash-plugin: multiple code execution flaws (APSB15-04)
vendor_redhat·2015-02-04·CVSS 9.8
CVE-2015-0322 [CRITICAL] flash-plugin: multiple code execution flaws (APSB15-04)
flash-plugin: multiple code execution flaws (APSB15-04)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320.
Red Hat
flash-plugin: multiple code execution flaws (APSB15-04)
vendor_redhat·2015-02-04·CVSS 9.8
CVE-2015-0315 [CRITICAL] flash-plugin: multiple code execution flaws (APSB15-04)
flash-plugin: multiple code execution flaws (APSB15-04)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.
Red Hat
flash-plugin: multiple code execution flaws (APSB15-04)
vendor_redhat·2015-02-04·CVSS 9.8
CVE-2015-0320 [CRITICAL] flash-plugin: multiple code execution flaws (APSB15-04)
flash-plugin: multiple code execution flaws (APSB15-04)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322.
Red Hat
flash-plugin: use-after-free leading to code execution (APSB15-04)
vendor_redhat·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] CWE-416 flash-plugin: use-after-free leading to code execution (APSB15-04)
flash-plugin: use-after-free leading to code execution (APSB15-04)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
Package: flash-plugin (Red Hat Enterprise Linux 5) - Not affected
Package: flash-plugin (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Exploit-DB
Adobe Flash Player - ByteArray With Workers Use-After-Free (Metasploit)
exploitdb·2015-03-31
CVE-2015-0313 Adobe Flash Player - ByteArray With Workers Use-After-Free (Metasploit)
Adobe Flash Player - ByteArray With Workers Use-After-Free (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Adobe Flash Player ByteArray With Workers Use After Free',
'Description' => %q{
This module exploits an use after free vulnerability in Adobe Flash Player. The
vulnerability occurs when the ByteArray assigned to the current ApplicationDomain
is freed from an ActionScript worker, who can fill the memory and notify the main
thread to corrupt the new contents. This module has been tested successfully on
Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.296.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Unknown', # Vulnerability discovery
Exploit-DB
Adobe Flash Player - Arbitrary Code Execution
exploitdb·2015-03-25
CVE-2015-0313 Adobe Flash Player - Arbitrary Code Execution
Adobe Flash Player - Arbitrary Code Execution
---
Source: https://github.com/SecurityObscurity/cve-2015-0313
PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36491.zip
Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit
Reference:
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
http://malware.dontneedcoffee.com/2015/02/cve-2015-0313-flash-up-to-1600296-and.html
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Metasploit
Adobe Flash Player ByteArray With Workers Use After Free
metasploit
Adobe Flash Player ByteArray With Workers Use After Free
Adobe Flash Player ByteArray With Workers Use After Free
This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 16.0.0.296.
Unit42
Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit
blogs_unit42·2015-06-01·CVSS 9.8
CVE-2015-0359 [CRITICAL] Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit
What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it. For more on Flash vulnerabilities, we also invite you to read "The Latest UAF Vulnerabilities in Exploit Kits," published May 28 by Tao Yan.
Not too long ago we came across a sample from the Angler Exploit kit (MD5: 049ff69bc23f36a78d86bbf1356c2f63c), which allegedly exploits CVE-2015-0359. The obfuscated SWF contains an encoded SWF (MD5: d45808cfa6f3cbfb343fdea269fdc375), which is later decoded and loaded into Flash, without getting saved on disk. Here’s a somewhat beautified example of this process:
The embedded SWF is heavily obfuscated, but the code has much in common with the source code for Angler EK’s CVE-2015-0313 exploit.
The f
Unit42
The Latest Flash UAF Vulnerabilities in Exploit Kits
blogs_unit42·2015-05-28
The Latest Flash UAF Vulnerabilities in Exploit Kits
## The Latest Flash UAF Vulnerabilities in Exploit Kits
Tao Yan
Published: May 28, 2015
### Introduction
Recently, several popular exploit kits, including Angler, Flash EK, SweetOrange, Fiesta and Neutrino [1], have included several use-after-free (UAF) vulnerabilities in Adobe Flash to exploit victims’ browsers. Previously, these exploit kits typically used out-of-bounds access (OBA) vulnerabilities in Adobe Flash, as these types of vulnerabilities can be exploited universally and stably [2], and require less effort to exploit compared to UAF vulnerabilities. In order to detect these newly added UAF vulnerabilities, we analyzed the code found in the exploit kits to determine which vulnerabilities are present and how they are exploited.
### Obfuscation in exploit kits
To determine the vulnerabilities within each exploit kit, we first had to overcome the various obfuscation
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities
blogs_talos·2015-03-17·CVSS 9.3
[CRITICAL] Research Spotlight: Exploiting Use-After-Free Vulnerabilities
This blog post was authored by Earl Carter & Yves Younan.
Talos is constantly researching the ways in which threat actors take advantage of security weaknesses to exploit systems. Yves Younan of Talos will be presenting at CanSecWest on Friday March 20th. The topic of his talk will be FreeSentry, a software-based mitigation technique developed by Talos to protect against exploitation of use-after-free vulnerabilities. Use-after-free vulnerabilities have become an important class of security problems due to the existence of mitigations that protect against other types of vulnerabilities, such as buffer overflows.
Just examining the CVE entries for 2015, you can already see over 20 use-after-free vulnerabilities that have already been identified, impacting various common software applicati
Krebs
Yet Another Flash Patch Fixes Zero-Day Flaw
blogs_krebs·2015-02-12·CVSS 9.8
CVE-2015-0313 [CRITICAL] Yet Another Flash Patch Fixes Zero-Day Flaw
For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks.
The newest update, version 16.0.0.305, addresses a critical security bug (CVE-2015-0313) present in the version of Flash that Adobe released on Jan. 27 (v. 16.0.0.296). Adobe said it is aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe’s advisory credits both Trend Micro and Microsoft with reporting this bug. Trend Micro published a blog post three days ago warning that the flaw was being used in malvertising attacks –
Qualys
February 0-day for Adobe Flash - Update 2 | Qualys
blogs_qualys·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] February 0-day for Adobe Flash - Update 2 | Qualys
Update2: The patch rollout for CVE-2015-0313 has begun. First Adobe Flash autoupdaters, then later the downloadable package plus Chrome and IE.
Update: More evidence on the 0-day (CVE-2015-0313) in the latest Adobe Flash. Trend now believes that it is the Hanjuan Exploit Kit, not Angler that is actively using the 0-day. In addition their testing has shown that the exploit is unable to escape the Google Chrome Sandbox, so Flash running under Google Chrome is still safe. This is actually good news and similar to the last 0-day CVE-2015-0311. Cisco’s Talos group meanwhile reports on further variants of CVE-2015-0311 and their telemetry gives an idea of the spread of the attack that uses an ad network.
Adobe will patch the 0-day this week.
Original: After Adobe fixed two 0-days (APSB15-02 a
Krebs
Yet Another Flash Patch Fixes Zero-Day Flaw – Krebs on Security
blogs_krebs·2015-02-01·CVSS 9.8
CVE-2015-0313 [CRITICAL] Yet Another Flash Patch Fixes Zero-Day Flaw – Krebs on Security
For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks.
The newest update, version 16.0.0.305, addresses a critical security bug (CVE-2015-0313) present in the version of Flash that Adobe released on Jan. 27 (v. 16.0.0.296). Adobe said it is aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
Adobe’s advisory credits both Trend Micro and Microsoft with reporting this bug. Trend Micro published a blog post three days ago warning that the flaw was being used in malvertising atta
Recorded Future
New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
blogs_recorded_future·CVSS 7.8
[HIGH] New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016
# Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits
### Analysis Summary
- Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015.
- Vulnerabilities in Microsoft’s Internet Explorer and Silverlight are also major targets.
- Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker.
- Identifying targeted vulnerabilities can better inform patch management functions within organizations.
- Some security professionals suggest uninstalling Adobe Flash Player. Enabling “Click to Play” is a stop-gap.
Recorded Future threat intelligence analysis of over 100 exploit kits (EKs) and known vulnerabilities identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vul
Recorded Future
The History of Ashiyane: Iran’s First Security Forum
blogs_recorded_future
The History of Ashiyane: Iran’s First Security Forum
# The History of Ashiyane: Iran’s First Security Forum
*Scope Note: Recorded Future conducted research on the evolution of Ashiyane Forum, the first and largest security forum in Iran. Sources of this research include the Recorded Future® Platform, direct forum interaction, open source research, and interviews with a former Iranian hacker who claims firsthand knowledge of Iran’s security forums.*
This report will be of greatest interest to organizations seeking to understand the rapidly changing criminal and state-sponsored cyber threats emerging from Iran to better protect their organizations.
## Executive Summary
In a previous report, Insikt Group documented the relationship between the Iranian government, contractors used for offensive cyber operations, and the trust communities that begin with Iranian security forums. This report further explores the historical links between Iran’s primary security forum, Ashiyane Forum, and the Iranian government. Recorded Future observed forum posts from over 20,000 Ashiyane Forum members and found a trend in Iranian hacker migration following Ashiyane Forum’s shutdown in August 2018
Bugzilla
flash-plugin: multiple code execution flaws (APSB15-04)
bugzilla·2015-02-06·CVSS 9.8
CVE-2015-0313 [CRITICAL] flash-plugin: multiple code execution flaws (APSB15-04)
flash-plugin: multiple code execution flaws (APSB15-04)
Adobe has released Flash Player 11.2.202.442 for Linux to correct the following flaws:
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330).
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327).
These updates resolve a buffer overflow vulnerability that could lead to cod
Bugzilla
CVE-2015-0313 flash-plugin: use-after-free leading to code execution (APSB15-04)
bugzilla·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] CVE-2015-0313 flash-plugin: use-after-free leading to code execution (APSB15-04)
CVE-2015-0313 flash-plugin: use-after-free leading to code execution (APSB15-04)
The following flaw was found in Adobe Flash Player:
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313)
External References:
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Discussion:
The updated external reference contains:
February 2, 2015 - removed Flash Player version 11.x from the list of affected versions. Version 11.x and earlier do not support the functionality affected by CVE-2015-0313.
On the other hand, Adobe Flash Player 11.2.202.442 is available on the FTP server and some of Adobe's webpages link to it. The main pages do link to 11.2.202.440.
---
Bugzilla
(CVE-2015-0313) Blocklist flash 16.0.0.296 and earlier versions
bugzilla·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] (CVE-2015-0313) Blocklist flash 16.0.0.296 and earlier versions
(CVE-2015-0313) Blocklist flash 16.0.0.296 and earlier versions
Per https://helpx.adobe.com/security/products/flash-player/apsa15-02.html A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.
cc'ing espressive and the moc folks so we don't bust plugincheck again when this goes live
Discussion:
This also affects the ESR versions 13.0.0.264 and earlier and the Linux versions 11.2.202.440 and earlier so,
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html
http://secunia.com/advisories/62528
http://secunia.com/advisories/62777
http://secunia.com/advisories/62895
http://www.osvdb.org/117853
http://www.securityfocus.com/bid/72429
http://www.securitytracker.com/id/1031686
https://exchange.xforce.ibmcloud.com/vulnerabilities/100641
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
https://technet.microsoft.com/library/security/2755801
https://www.exploit-db.com/exploits/36579/
https://github.com/cisagov/vulnrichment/issues/196
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0313
2015-02-02: Published
2022-04-13: Added to CISA KEV
Exploited in the wild